Rosalyn
Staff
Article Id 196349

Description

 

Before v7.0, the routing table was supposed to be checked first with "get router info routing-table details <destination>". The reason is that this traffic is local traffic and, by default, leaves the FortiGate through the interface given by the routing table.


However, since FortiOS 7.0, the new commands 'execute telnet-options' and 'execute ssh-options' allow administrators to set the source interface and address for their connection.


This article explains these commands:

 

execute telnet-options {interface <outgoing interface> | reset | source <source interface IP> | view-settings}
execute ssh-options {interface <outgoing interface> | reset | source <source interface IP> | view-settings}

 

Scope

 

FortiGate

 

Solution


To edit the Telnet options:

 

execute telnet-options interface port1
execute telnet-options source 1.1.1.1

 

To confirm that the Telnet packets are using the configured port and address:

 

diagnose sniffer packet any "port 23" 4
4.070426 port1 out 1.1.1.1.13938 -> 15.15.15.2.23: syn 400156130
4.070706 port1 in 15.15.15.2.23 -> 1.1.1.1.13938: syn 2889776642 ack 400156131

 

To edit the SSH options:

execute ssh-options interface port1
execute ssh-options source 1.1.1.1

 

To confirm that the SSH packets are using the configured port and address:

 

diagnose sniffer packet any "port 22" 4
6.898985 port1 out 1.1.1.1.20625 -> 15.15.15.2.22: syn 1704095779
6.899286 port1 in 15.15.15.2.22 -> 1.1.1.1.20625: syn 753358246 ack 1704095780
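
The two confirmation steps above can also be checked by script. The following is an added example, not part of the original article: it parses verbosity-4 sniffer lines and reports any connection-opening SYN that leaves through an interface or source address other than the configured one. The function names and the second sample line are constructed for illustration; the first capture is the article's own SSH output.

```python
import re

# Verbosity-4 line: <time> <iface> <in|out> <src-ip>.<sport> -> <dst-ip>.<dport>: <flags>
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+(?P<flags>.*)$"
)

def initial_syns(capture, port):
    """Yield outgoing connection-opening SYNs (no ack) to the given destination port."""
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # CLI echo, prompts, blank lines
        flags = m["flags"].split()
        if (m["dir"] == "out" and int(m["dport"]) == port
                and flags[:1] == ["syn"] and "ack" not in flags):
            yield m

def check_source(capture, port, iface, source):
    """Return (syn_count, problems); syn_count == 0 means nothing was confirmed."""
    count, problems = 0, []
    for m in initial_syns(capture, port):
        count += 1
        if m["iface"] != iface:
            problems.append(f"{m['ts']}: left via {m['iface']}, expected {iface}")
        if m["src"] != source:
            problems.append(f"{m['ts']}: source {m['src']}, expected {source}")
    return count, problems

# Sniffer output copied from the article (SSH test).
ARTICLE_SSH = '''diagnose sniffer packet any "port 22" 4
6.898985 port1 out 1.1.1.1.20625 -> 15.15.15.2.22: syn 1704095779
6.899286 port1 in 15.15.15.2.22 -> 1.1.1.1.20625: syn 753358246 ack 1704095780
'''

# Constructed line (not from the article): options not applied, traffic left via port2.
CONSTRUCTED_BAD = "2.000000 port2 out 10.0.0.1.40000 -> 15.15.15.2.22: syn 111\n"

if __name__ == "__main__":
    for name, cap in (("article", ARTICLE_SSH), ("constructed", CONSTRUCTED_BAD)):
        print(name, check_source(cap, 22, "port1", "1.1.1.1"))
```

A SYN count of 0 means the capture contained no outgoing connection attempt on that port, so the settings were not actually exercised.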